diff --git a/.github/scripts/release/release_lib.sh b/.github/scripts/release/release_lib.sh index f4ac971824c48..c468599b364de 100644 --- a/.github/scripts/release/release_lib.sh +++ b/.github/scripts/release/release_lib.sh @@ -195,6 +195,9 @@ function get_s3_url_base() { eth-rpc) printf "releases.parity.io/eth-rpc" ;; + subkey) + printf "releases.parity.io/subkey" + ;; *) printf "UNSUPPORTED BINARY $name" exit 1 diff --git a/.github/workflows/release-20_build-rc.yml b/.github/workflows/release-20_build-rc.yml index 11d126a69be39..e11d0070bde76 100644 --- a/.github/workflows/release-20_build-rc.yml +++ b/.github/workflows/release-20_build-rc.yml @@ -15,6 +15,7 @@ on: - chain-spec-builder - substrate-node - eth-rpc + - subkey - all release_tag: @@ -163,6 +164,21 @@ jobs: attestations: write contents: read + build-subkey-binary: + needs: [validate-inputs] + if: ${{ inputs.binary == 'subkey' || inputs.binary == 'all' }} + uses: "./.github/workflows/release-reusable-rc-build.yml" + with: + binary: '["subkey"]' + package: subkey + release_tag: ${{ needs.validate-inputs.outputs.release_tag }} + target: x86_64-unknown-linux-gnu + secrets: inherit + permissions: + id-token: write + attestations: write + contents: read + build-polkadot-macos-binary: needs: [validate-inputs] if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }} @@ -268,3 +284,18 @@ jobs: id-token: write attestations: write contents: read + + build-subkey-macos-binary: + needs: [validate-inputs] + if: ${{ inputs.binary == 'subkey' || inputs.binary == 'all' }} + uses: "./.github/workflows/release-reusable-rc-build.yml" + with: + binary: '["subkey"]' + package: subkey + release_tag: ${{ needs.validate-inputs.outputs.release_tag }} + target: aarch64-apple-darwin + secrets: inherit + permissions: + id-token: write + attestations: write + contents: read diff --git a/.github/workflows/release-22_combined-rc-runtime-builds-release-draft.yml b/.github/workflows/release-22_combined-rc-runtime-builds-release-draft.yml index f8473be81ee14..ac5e4b0af8ab9 100644 --- a/.github/workflows/release-22_combined-rc-runtime-builds-release-draft.yml +++ b/.github/workflows/release-22_combined-rc-runtime-builds-release-draft.yml @@ -41,6 +41,7 @@ on: - chain-spec-builder - substrate-node - eth-rpc + - subkey - all release_tag: description: Tag matching the actual release candidate with the format polkadot-stableYYMM(-X)-rcY or polkadot-stableYYMM(-X) diff --git a/.github/workflows/release-reusable-rc-build.yml b/.github/workflows/release-reusable-rc-build.yml index 973796cbf39f2..77bc48104cc59 100644 --- a/.github/workflows/release-reusable-rc-build.yml +++ b/.github/workflows/release-reusable-rc-build.yml @@ -301,10 +301,7 @@ jobs: package: ${{ inputs.package }} release_tag: ${{ inputs.release_tag }} target: ${{ inputs.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + secrets: inherit upload-polkadot-parachain-artifacts-to-s3: if: ${{ inputs.package == 'polkadot-parachain-bin' && inputs.target == 'x86_64-unknown-linux-gnu' }} @@ -314,10 +311,7 @@ jobs: package: polkadot-parachain release_tag: ${{ inputs.release_tag }} target: ${{ inputs.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + secrets: inherit upload-polkadot-omni-node-artifacts-to-s3: if: ${{ inputs.package == 'polkadot-omni-node' && inputs.target == 'x86_64-unknown-linux-gnu' }} @@ -327,10 +321,7 @@ jobs: package: ${{ inputs.package }} release_tag: ${{ inputs.release_tag }} target: ${{ inputs.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + secrets: inherit upload-frame-omni-bencher-artifacts-to-s3: if: ${{ inputs.package == 'frame-omni-bencher' && inputs.target == 'x86_64-unknown-linux-gnu' }} @@ -340,10 +331,7 @@ jobs: package: ${{ inputs.package }} release_tag: ${{ inputs.release_tag }} target: ${{ inputs.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + secrets: inherit upload-chain-spec-builder-artifacts-to-s3: if: ${{ inputs.package == 'staging-chain-spec-builder' && inputs.target == 'x86_64-unknown-linux-gnu' }} @@ -353,10 +341,7 @@ jobs: package: chain-spec-builder release_tag: ${{ inputs.release_tag }} target: ${{ inputs.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + secrets: inherit upload-substrate-node-artifacts-to-s3: if: ${{ inputs.package == 'staging-node-cli' && inputs.target == 'x86_64-unknown-linux-gnu' }} @@ -366,10 +351,7 @@ jobs: package: substrate-node release_tag: ${{ inputs.release_tag }} target: ${{ inputs.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + secrets: inherit upload-eth-rpc-artifacts-to-s3: if: ${{ inputs.package == 'pallet-revive-eth-rpc' && inputs.target == 'x86_64-unknown-linux-gnu' }} @@ -379,10 +361,17 @@ jobs: package: eth-rpc release_tag: ${{ inputs.release_tag }} target: ${{ inputs.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + secrets: inherit + + upload-subkey-artifacts-to-s3: + if: ${{ inputs.package == 'subkey' && inputs.target == 'x86_64-unknown-linux-gnu' }} + needs: [build-rc] + uses: ./.github/workflows/release-reusable-s3-upload.yml + with: + package: subkey + release_tag: ${{ inputs.release_tag }} + target: ${{ inputs.target }} + secrets: inherit upload-polkadot-macos-artifacts-to-s3: if: ${{ inputs.package == 'polkadot' && inputs.target == 'aarch64-apple-darwin' }} @@ -394,10 +383,7 @@ jobs: package: ${{ inputs.package }} release_tag: ${{ inputs.release_tag }} target: ${{ inputs.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + secrets: inherit upload-polkadot-prepare-worker-macos-artifacts-to-s3: if: ${{ inputs.package == 'polkadot' && inputs.target == 'aarch64-apple-darwin' }} @@ -407,10 +393,7 @@ jobs: package: polkadot-prepare-worker release_tag: ${{ inputs.release_tag }} target: ${{ inputs.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + secrets: inherit upload-polkadot-execute-worker-macos-artifacts-to-s3: if: ${{ inputs.package == 'polkadot' && inputs.target == 'aarch64-apple-darwin' }} @@ -420,10 +403,10 @@ jobs: package: polkadot-execute-worker release_tag: ${{ inputs.release_tag }} target: ${{ inputs.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + secrets: inherit + # AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + # AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} + # AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} upload-polkadot-omni-node-macos-artifacts-to-s3: if: ${{ inputs.package == 'polkadot-omni-node' && inputs.target == 'aarch64-apple-darwin' }} @@ -433,10 +416,7 @@ jobs: package: ${{ inputs.package }} release_tag: ${{ inputs.release_tag }} target: ${{ inputs.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + secrets: inherit upload-polkadot-parachain-macos-artifacts-to-s3: if: ${{ inputs.package == 'polkadot-parachain-bin' && inputs.target == 'aarch64-apple-darwin' }} @@ -446,10 +426,7 @@ jobs: package: polkadot-parachain release_tag: ${{ inputs.release_tag }} target: ${{ inputs.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + secrets: inherit upload-frame-omni-bencher-macos-artifacts-to-s3: if: ${{ inputs.package == 'frame-omni-bencher' && inputs.target == 'aarch64-apple-darwin' }} @@ -459,10 +436,10 @@ jobs: package: ${{ inputs.package }} release_tag: ${{ inputs.release_tag }} target: ${{ inputs.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + secrets: inherit + # AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + # AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} + # AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} upload-chain-spec-builder-macos-artifacts-to-s3: if: ${{ inputs.package == 'staging-chain-spec-builder' && inputs.target == 'aarch64-apple-darwin' }} @@ -472,10 +449,7 @@ jobs: package: chain-spec-builder release_tag: ${{ inputs.release_tag }} target: ${{ inputs.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + secrets: inherit upload-substrate-node-macos-artifacts-to-s3: if: ${{ inputs.package == 'staging-node-cli' && inputs.target == 'aarch64-apple-darwin' }} @@ -485,10 +459,10 @@ jobs: package: substrate-node release_tag: ${{ inputs.release_tag }} target: ${{ inputs.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + secrets: inherit + # AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + # AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} + # AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} upload-eth-rpc-macos-artifacts-to-s3: if: ${{ inputs.package == 'pallet-revive-eth-rpc' && inputs.target == 'aarch64-apple-darwin' }} @@ -498,7 +472,14 @@ jobs: package: eth-rpc release_tag: ${{ inputs.release_tag }} target: ${{ inputs.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + secrets: inherit + + upload-subkey-macos-artifacts-to-s3: + if: ${{ inputs.package == 'subkey' && inputs.target == 'aarch64-apple-darwin' }} + needs: [build-macos-rc] + uses: ./.github/workflows/release-reusable-s3-upload.yml + with: + package: subkey + release_tag: ${{ inputs.release_tag }} + target: ${{ inputs.target }} + secrets: inherit diff --git a/.github/workflows/release-reusable-s3-upload.yml b/.github/workflows/release-reusable-s3-upload.yml index b4c7b5d77bb53..b4606ef23437a 100644 --- a/.github/workflows/release-reusable-s3-upload.yml +++ b/.github/workflows/release-reusable-s3-upload.yml @@ -18,14 +18,6 @@ on: required: true type: string - secrets: - AWS_DEFAULT_REGION: - required: true - AWS_RELEASE_ACCESS_KEY_ID: - required: true - AWS_RELEASE_SECRET_ACCESS_KEY: - required: true - jobs: upload-artifacts-to-s3: runs-on: ubuntu-latest